Hackers use Zoom to install malware on your computer and phone

0

A security flaw in Zoom’s security has allowed hackers to install malware on your computer, Android and iOS devices.

STRONG POINTS

  • Zoom security bug allows hackers to send malicious link to users.
  • Hackers first send a simple message to the targeted device.
  • Zoom has now acknowledged the bug.

If you use the Zoom app for all videoconferences and virtual gatherings, you should update your app soon. Indeed, a security loophole has allowed hackers to install malware on your computer, Android and iOS devices. According to reports, the hackers first send a simple message to the targeted device and then malware is illegally installed on the device. Zoom has now acknowledged the bug.

According to reports, Zoom Client for Meetings works on Android, iOS, Linux, macOS and Windows systems before version 5.10.0. “The Zoom client for meetings (for Android, iOS, Linux, macOS, and Windows) prior to version 5.10.0 fails to properly validate the hostname when requesting a server change. This issue could be used in a more sophisticated attack to trick an unsuspecting user’s client into connecting to a malicious server when they attempt to use Zoom services,” Zoom noted in a blog post. The bug was discovered by Google’s Project Zero bug hunter Ivan Fratric, who reported the issue to Zoom in February.

“The only capability an attacker needs is to be able to send messages to the victim via Zoom chat using the XMPP protocol,” Fratric said in a blog post. The messages are specially designed to target innocent users and implant malicious codes in victim’s device. The worst thing is that even if users do not interact with the threat message, it will be injected into their computer or phone. Devices like Android, iPhone and Windows can be easily targeted using this malware.

“This report describes a chain of vulnerability that allows an attacker to compromise another user via Zoom chat. User interaction is not required for a successful attack. The only capability an attacker needs is to be able to send messages to the victim via Zoom chat using the XMPP protocol,” Fratic said. Zoom marked the threat severity as “high”. All Zoom users are advised to download the latest V5.10.0 update and refrain from opening malicious links or interacting with text messages.

Share.

Comments are closed.